HP-UX Internet Services Administrator's Guide (August 2003)
Configuring NTP
Advanced NTP Topics
Chapter 4 85
authenticate yes
If you do not specify this statement, authentication is not enabled. When
you enable authentication, you can specify the following options:
• -e authdelay
This option indicates the amount of time (in seconds) required to
encrypt an NTP authentication field on the local host.
IMPORTANT The startup script automatically calculates the proper value for
authdelay for the local system and writes it into the configuration
file /etc/ntp.conf. Do not modify this value.
• -k keyfile
This option specifies the file that contains the encryption keys used
by xntpd.
• -t key
This option specifies the encryption key IDs that are trusted as
synchronization sources.
Restricting Incoming NTP Packets
xntpd provides a mechanism for restricting access to the local daemon
from certain sources. In the /etc/ntp.conf file, you can define a
restriction list that contains the addresses or addresses and masks of
sources that may send NTP packets to the local host. For each address or
address-mask specified in the restriction list, you can define flags to
restrict time service or queries to the local host.
The source address of each incoming NTP packet is then compared to the
restriction list. If a source address matches an entry in the restriction
list, the restriction defined by the corresponding flag is applied to the
incoming packet. If an address-mask is specified in the restriction list,
the source address of each incoming NTP packet is ANDed with the
mask, and then compared with the associated address for a match.
The restriction list should not be considered an alternative to
authentication. It is most useful for keeping unwanted or broken remote
time servers from affecting your local host. An entry in the restriction
list has the following format: